April-May_2022 - 13

Sponsored by
Cybersecurity and the Cloud:
Is Your ITS Infrastructure
Ready for the Future?
All-time high levels of funding are
now available to restore and modernize
our nation's transportation infrastructure
and advance the state of public transit
in America. Likewise, as the recovery
from the worldwide pandemic continues
to slowly come into focus, now is the
time for public transit agencies to take
advantage of this window of opportunity
to position themselves for the future.
Cybersecurity and cloud-based solutions
should be at the top of every agency's investment
priorities to ensure their ITS
infrastructure is ready for the future. Below
are some key questions that executive
directors and agency leadership should be
asking to make sure they prioritize their
investments wisely.
1.
Why should my
organization worry about
information security?
There is a common statistic cited from
recent studies that states a cyberattack
occurs every 39 seconds. Cybercrime is
estimated to reach costs in the trillions
within the next few years unless we start
implementing strong countermeasures
now. Cybersecurity is a cornerstone of
our national security policy and APTA
continues to take a leadership position
to advance this cause. The latest round
of federal funding for transportation has
made the implementation of cybersecurity
not only a focus, but a requirement.
Agencies will be held accountable and
audited to demonstrate the steps they are
taking to address this challenge.
2.
What if we don't have the
staffing levels or expertise
to address cybersecurity?
The FTA and APTA have built a valuable
library of information and toolkits
to help provide a roadmap for success.
Agencies will not be able to do this alone
and the only path to success is a coordinated
effort between agencies, funding
partners, stakeholders and technology
providers.
Avail is unique as a technology provider
in that we serve all three layers of
the transportation information ecosystem
- operational systems, enterprise
information systems and subscribed systems.
Therefore, Avail has made security
a top priority.
3.
What should an agency expect
from technology providers and
what should providers expect from
agencies to implement a successful
approach to cybersecurity?
There are clearly established pillars of
cybersecurity, and technology provider's
products and services make up a large
percentage of the IT infrastructure and
facilities piece of the puzzle.
Thus, agencies should expect their
technology providers to have an articulated
strategy around security and documented
Information Security (INFOSEC)
policy. Likewise, agencies need to be responsible
for the operations and people
pieces and provide strong governance
that starts at the top. Any chain is only
as strong as its weakest link, and this is
especially true when it comes to security.
The best path to success is agencies and
technology providers working together
to implement a unified strategy.
4.
What are some examples
of how Avail is innovating
to be at the forefront of
cybersecurity and help agencies?
As a technology partner, not just a provider,
Avail is taking a holistic approach
to security. This approach is guided by a
cybersecurity committee and INFOSEC
policy to secure our entire range of products
and services. Our entire back-office
suite of Enterprise Transit Management
software is cloud based to enable agencies
to migrate away from reliance of
on-premise servers and hardware. We
are also now offering an upgrade to SOCII
compliance with enhanced intrusion
detection, security logging retention and
audit reports available to support agency
regulation compliance, as well as increased
limits on cyber insurance. An
agencies' vehicle fleet includes an extensive
technology stack that is connected to
the cloud and thus vulnerable to cyber-attack.
Avail has solutions here as well for
agencies, and we can provide enhanced
onboard equipment and mobile gateway
routers with private networks, virtual
tunnels, over-the-air updates and other
protection mechanisms to ensure the
security of all of your rolling stock and
the safety of your passengers and drivers.
These are just some examples to illustrate
our holistic approach to security.
5.
Any closing thoughts for
agencies as they work
on their strategic plans and
investment strategies?
If you haven't started developing your
agency security strategy and creating a
documented INFOSEC policy, you need
to start now. Regardless of who your
technology providers are, you should be
offering them a seat at the table to help
be part of the solution and you should
expect that they have solutions and strategies
to help. There is funding available
to help agencies invest in cybersecurity
but they need to be cautious and look for
more than shovel-readiness. At Avail, we
have taken a holistic approach to security
and our goal is to offer solutions that are
shovel-worthy to ensure the success and
security of our agency partners and those
they serve.
Rick Spangler is Chief
Technology Officer for
Avail Technologies, Inc.
APRIL/MAY 2022 | MassTransitmag.com | Mass Transit | 13
109205717 | Vs1489 | Dreamstime
http://www.MassTransitmag.com
April-May_2022

Table of Contents for the Digital Edition of April-May_2022
